We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 11ccb5a commit 95fb84aCopy full SHA for 95fb84a
2 files changed
jose/jwt.py
@@ -425,7 +425,7 @@ def _validate_at_hash(claims, access_token, algorithm):
425
try:
426
expected_hash = calculate_at_hash(access_token,
427
ALGORITHMS.HASHES[algorithm])
428
- except TypeError:
+ except (TypeError, ValueError):
429
msg = 'Unable to calculate at_hash to verify against token claims.'
430
raise JWTClaimsError(msg)
431
tests/test_jwt.py
@@ -449,6 +449,11 @@ def test_at_hash_missing_claim(self, claims, key):
449
with pytest.raises(JWTError):
450
jwt.decode(token, key, access_token='<ACCESS_TOKEN>')
451
452
+ def test_at_hash_unable_to_calculate(self, claims, key):
453
+ token = jwt.encode(claims, key, access_token='<ACCESS_TOKEN>')
454
+ with pytest.raises(JWTError):
455
+ jwt.decode(token, key, access_token='\xe2')
456
+
457
def test_unverified_claims_string(self):
458
token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.aW52YWxpZCBjbGFpbQ.iOJ5SiNfaNO_pa2J4Umtb3b3zmk5C18-mhTCVNsjnck'
459
0 commit comments